On Thu, Jul 13, 2006 at 07:56:02AM +0200, Christian Perrier wrote:
> Quoting Geoff Crompton ([EMAIL PROTECTED]):
> > Package: samba
> > Version: 3.0.14a-3sarge1
> > Severity: grave
> >
> > Samba have announced http://www.samba.org/samba/security/CAN-2006-3403.html,
> > and have a patch available. It affects all samba configurations, hence I
> > consider this grave.
> >
> > I wouldn't be surprised if the security team is already aware of this.

> It is.

> I tested a compile of the current sarge package to which I added the
> patch provided by upstream (attached) but it failed:

> Compiling lib/util.c
> lib/util.c:2447: error: redefinition of `data_path'
> lib/util.c:2392: error: `data_path' previously defined here
> lib/util.c:2457: error: redefinition of `state_path'
> lib/util.c:2402: error: `state_path' previously defined here
> lib/util.c:2477: error: redefinition of `cache_path'
> lib/util.c:2422: error: `cache_path' previously defined here
> make[1]: *** [lib/util.o] Erreur 1
> make[1]: Leaving directory
> `/home/bubulle/src/debian/samba/samba-3.0.14a/source'
> make: *** [build-stamp] Erreur 2

This looks like you've gotten yourself a double-patched file. Perhaps you
should try cleaning your build tree and trying again?

Anyway, it built for me and I've committed the patch to /branches/sarge.
I'd be happy if someone else could follow through with the security team,
though.

BTW, I've downgraded this bug from 'grave' to 'important' since, according
to upstream's security advisory, it's a DoS rather than an exploitable
privilege escalation.

Cheers,
--
Steve Langasek
Debian Developer
[EMAIL PROTECTED]   http://www.debian.org/
Give me a lever long enough and a Free OS to set it on, and I can move the world.